search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Software Engineering Institute

CERT Coordination Center

nfs-utils vulnerable to buffer overflow in "getquotainfo()" in "rquota_server.c"

Vulnerability Note VU#698302

Original Release Date: 2005-03-04 | Last Revised: 2005-04-04

Overview

A vulnerability in nfs-utils could permit an attacker to execute arbitrary code on the system or cause a denial of service.

Description

The NFS protocol provides remote access to shared files accross networks. The nfs-utils package provides an NFS client and server for Linux systems. Nfs-utils on 64-bit architecture machines contains a stack-based buffer overflow vulnerability. The function "getquotainfo()" in "rquota_server.c" assumes certain values to be 32-bit in size during a call to memcpy(). On a 64-bit machine, this can cause a buffer overflow.

Impact

A remote attacker could execute arbitrary code or create a denial-of-service condition on a vulnerable server running nfs-utils.

Solution

Apply a patch from your vendor

For vendor-specific information regarding vulnerable status and patch availability, please see the vendor section of this document.

Vendor Information

698302
 
Expand all

MandrakeSoft Affected

Notified:  January 14, 2005 Updated: January 14, 2005

Status

Affected

Vendor Statement

Mandrakesoft released the following advisory:

http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:005

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Red Hat Inc. Affected

Notified:  January 14, 2005 Updated: January 20, 2005

Status

Affected

Vendor Statement

Red Hat Enterprise Linux ships with an nfs-utils package vulnerable to this
issue. New nfs-utils packages are now available along with our advisory at
the URLs below and by using the Red Hat Network 'up2date' tool.

Red Hat Enterprise Linux 3:
http://rhn.redhat.com/errata/RHSA-2004-583.html
Red Hat Enterprise Linux 2.1:
http://rhn.redhat.com/errata/RHSA-2005-014.html

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

TurboLinux Affected

Notified:  January 14, 2005 Updated: April 04, 2005

Status

Affected

Vendor Statement

This issue was fixed.
Please refer this sites:
http://www.turbolinux.com/security/2005/TLSA-2005-33.txt
http://www.turbolinux.co.jp/security/2005/TLSA-2005-33j.txt

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Debian Not Affected

Notified:  January 14, 2005 Updated: January 17, 2005

Status

Not Affected

Vendor Statement

The Debian distributions are not vulnerable since the code in question is not used.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Sun Microsystems Inc. Not Affected

Notified:  January 14, 2005 Updated: January 20, 2005

Status

Not Affected

Vendor Statement

Sun's products are not affected by the vulnerabilities within VU#698302.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Conectiva Unknown

Updated:  January 14, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

EMC Corporation Unknown

Notified:  January 14, 2005 Updated: January 14, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Hewlett-Packard Company Unknown

Notified:  January 14, 2005 Updated: January 14, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

IBM eServer Unknown

Notified:  January 14, 2005 Updated: January 14, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

IBM-zSeries Unknown

Notified:  January 14, 2005 Updated: January 14, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Immunix Unknown

Notified:  January 14, 2005 Updated: January 14, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Ingrian Networks Unknown

Notified:  January 14, 2005 Updated: January 14, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

MontaVista Software Unknown

Notified:  January 14, 2005 Updated: January 14, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Novell Unknown

Notified:  January 14, 2005 Updated: January 14, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Openwall GNU/*/Linux Unknown

Notified:  January 14, 2005 Updated: January 14, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

SCO Unknown

Notified:  January 14, 2005 Updated: January 14, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

SGI Unknown

Notified:  January 14, 2005 Updated: January 14, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Sequent Unknown

Notified:  January 14, 2005 Updated: January 14, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

SuSE Inc. Unknown

Notified:  January 14, 2005 Updated: January 14, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

View all 19 vendors View less vendors


CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

Acknowledgements

Red Hat credits Arjan van de Ven with reporting this vulnerability.

This document was written by Will Dormann.

Other Information

CVE IDs: CVE-2004-0946
Severity Metric: 7.48
Date Public: 2004-11-22
Date First Published: 2005-03-04
Date Last Updated: 2005-04-04 14:36 UTC
Document Revision: 10

Sponsored by CISA.

Download PGP Key

Read CERT/CC Blog

Learn about Vulnerability Analysis